Securing Internet Connected Devices (IoT)

Published on October 5, 2017

Our society is blazing towards automating what seems like every aspect of our lives: self-driving cars, home automation, wearable devices, entertainment, medicine, manufacturing, finance/payments, energy. No industry has managed to remain untouched by internet-connected sensors and actuators. However, this explosive adoption of online devices has far-reaching implications for the cyber security of these devices, the data they collect/store, and the actions they automate.

Cyber Security Concerns for IoT

The cyber security concerns for internet of things (IoT) devices can be categorized in many ways; however, we see some key themes.

Considerations For IoT Security

The sheer volume of internet devices and the associated volume of log data poses a unique challenge in securing IoT. As with any large network, the main issue is the diversity of devices and logs and the massive event stream they generate. To secure IoT, you must be able to ingest this tremendous volume of log data and parse and process the fields within the logs to determine what is normal for each device. Then you must watch for the changes in behavior that indicate misuse or compromise.

This volume and complexity of data cannot be handled manually or through the use of pre-defined rules (as many legacy security management tools do). The only way to analyze this data is through machine learning algorithms. These machine learning algorithms should be configurable on any field in any log, enabling automated learning and applied intelligence to millions and often even billions of events.

What are the key considerations and points of data collection?

IoT devices frequently have limited logging, and agents often cannot be installed because many devices are proprietary and have limited capacity to run them, so logs often must be collected from network tools like firewalls, NetFlow, and proxies.
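The per-device baseline described above, built from flow records of the kind a firewall or NetFlow collector exports, as an added example that is not part of the original article and not Securonix code. The CSV layout, device names, sample values, and the z-score threshold are assumptions, and a simple statistical baseline stands in here for the machine learning the article refers to.

```python
import csv, io, statistics
from collections import defaultdict
# Constructed sample flow records (not real data): one row per flow.
TRAINING = """device,dst,port,bytes
thermostat-01,203.0.113.10,443,1200
thermostat-01,203.0.113.10,443,1180
thermostat-01,203.0.113.10,443,1220
camera-02,198.51.100.7,8883,50000
camera-02,198.51.100.7,8883,52000
camera-02,198.51.100.7,8883,48000
"""
OBSERVED = """device,dst,port,bytes
thermostat-01,203.0.113.10,443,1205
thermostat-01,192.0.2.55,23,1190
camera-02,198.51.100.7,8883,900000
doorbell-09,203.0.113.10,443,300
"""

def parse_flows(text):
    """Parse CSV flow records, converting the byte count to an integer."""
    return [dict(r, bytes=int(r["bytes"])) for r in csv.DictReader(io.StringIO(text))]

def build_baseline(flows):
    """Learn each device's known (dst, port) peers and byte-count mean/stdev."""
    peers, sizes = defaultdict(set), defaultdict(list)
    for f in flows:
        peers[f["device"]].add((f["dst"], f["port"]))
        sizes[f["device"]].append(f["bytes"])
    return {d: {"peers": peers[d], "mean": statistics.mean(sizes[d]),
                "stdev": statistics.pstdev(sizes[d])} for d in peers}

def score_flow(baseline, flow, z_threshold=3.0):
    """Return the reasons (possibly none) a flow deviates from its device's baseline."""
    b = baseline.get(flow["device"])
    if b is None:
        return ["unknown_device"]  # never seen during the learning window
    reasons = []
    if (flow["dst"], flow["port"]) not in b["peers"]:
        reasons.append("new_peer")
    # Floor the stdev at 1 byte so a perfectly constant device cannot divide by zero.
    if (flow["bytes"] - b["mean"]) / max(b["stdev"], 1.0) > z_threshold:
        reasons.append("byte_volume")
    return reasons

def detect(training_text, observed_text):
    """Baseline on the training window, then list (device, reasons) for deviating flows."""
    baseline = build_baseline(parse_flows(training_text))
    scored = ((f["device"], score_flow(baseline, f)) for f in parse_flows(observed_text))
    return [(dev, why) for dev, why in scored if why]
```

Calling `detect(TRAINING, OBSERVED)` flags the thermostat contacting a new peer, the camera's jump in byte volume, and the device with no baseline, while the thermostat's ordinary flow passes.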

When the IoT device is a mobile device not owned by the company, application logs become key (in addition to or in lieu of network logs), and access and use need to be logged and reviewed at the application layer.

As a rule, devices should not be allowed to access protected corporate data without an encryption control method that prevents local storage into unencrypted areas, prevents copy and paste, and provides revocable access with two-factor authentication.

All applications should log Authentication, Moves, Adds, and Changes for both success and failure events. Where possible applications should also log the unique entities or accounts acted upon and what actions were taken.
